Real 7

Posted on 14-04-06 03:36

Hi!
Help me...
I'm trying to find the teachers' passwords (SQL injection):
...nfo.php?action=name&&id=9999 UNION SELECT * FROM xxxxx
or
union select 0,0,0,0,0,0 from sxxxf (fields 6)
or
like these...
and all the same I get:
"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM xxxx' at line 1"...
Note, please: the error is at "FROM", where there couldn't be an error!... If it's classic SQL injection... or is it blind SQL here?...
Give me the right direction or a hint about what to do, please... I'm stuck on an easy part...

RE: Real 7

Posted on 14-04-06 10:56

jee

it's not that "complicated".

think about it a bit.

action=NAME&id=blah

hmm...NAME... what if you type... sth else?

RE: Real 7

Posted on 14-04-06 10:56

jee

it's not that "complicated".

think about it a bit.

action=NAME&id=blah

hmm...NAME... what if you type... sth else?

edit (stupid double post when doing "back")

Edited by on 14-04-06 10:57

RE: Real 7

Posted on 14-04-06 12:39

this real's a bitch

RE: Down?

Posted on 14-04-06 14:08

I was just wondering: I get "'hbh_real.student' doesn't exist" whenever I go to grades. Is this part of the challenge?

RE: Real 7

No, this isn't part of the challenge. I'll look into the problem and see if I can get it solved.

RE: Down?

Posted on 14-04-06 14:40

Bleh, I got a double post, edited it!!!
Thanks Mr_cheese!

Edited by on 14-04-06 14:42

RE: Real 7

Posted on 14-04-06 22:50

Could you also check the contacts script? I know I have to be persistent, but this is ridiculous. It's driving me mad. I tried over 300 possibilities, surely.

RE: Real 7

Posted on 15-04-06 12:52

I try to inject "name", but get "Unknown column 'NAMEHKJ' in 'field list'"... quotes are filtered... on "union" I get "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM STAFF--, name FROM staff WHERE id = 11' at line 1"...
I don't know...
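
An added defensive example, not part of the original thread or the challenge's code: the "Unknown column ... in 'field list'" error above suggests the `action` parameter is pasted into the query as a column name, a position where quote filtering does not help and bound parameters cannot be used, so the fix is an allow-list. The query shape, the `email` and `secret` columns and the sample row are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; only "staff", "name" and "id" appear in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, "
               "email TEXT, secret TEXT)")
    db.execute("INSERT INTO staff VALUES (11, 'A. Teacher', "
               "'teacher@example.test', 'constructed-secret')")
    return db

# Request value -> real column identifier. Anything not listed is refused.
ALLOWED_FIELDS = {"name": "name", "email": "email"}

def lookup_unsafe(db, action, staff_id):
    # Assumed vulnerable pattern: the request parameter becomes a column name,
    # so the caller decides which column of the table is returned.
    sql = "SELECT " + action + ", name FROM staff WHERE id = " + str(staff_id)
    return db.execute(sql).fetchone()

def lookup_safe(db, action, staff_id):
    # Identifiers cannot be bound as parameters, so map them via the allow-list.
    column = ALLOWED_FIELDS.get(str(action).lower())
    if column is None:
        raise ValueError("unsupported action")
    try:
        staff_id = int(staff_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    # The id is bound as a value; the column text comes only from ALLOWED_FIELDS.
    sql = "SELECT " + column + ", name FROM staff WHERE id = ?"
    return db.execute(sql, (staff_id,)).fetchone()

def is_rejected(db, action, staff_id):
    # True when lookup_safe refuses the request instead of running a query.
    try:
        lookup_safe(db, action, staff_id)
    except ValueError:
        return True
    return False
```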

RE: Real 7

Posted on 15-04-06 13:08

If you're talking about getting the staff's passwords, you shouldn't inject "name", you don't want their name, you want their ..

RE: Real 7

Posted on 15-04-06 23:25

god wrote:
If you're talking about getting the staff's passwords, you shouldn't inject "name", you don't want their name, you want their ..

Ohhh... thanks a lot... I try this... but I'm so inattentive =))

RE: Real 7

Posted on 16-04-06 01:49

OK... we're in the last part... need access to ./a****/...
The admin-teacher login and password don't work...
contact.php gives us nothing...
And as a matter of fact, .htaccess is a very bad file... we have trouble with it in another mission...

Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.